1 |
Raphael Melo de Oliveira Bastos Sales wrote: |
2 |
> He claims that if someone invades my machine, it will have direct |
3 |
> access to all data. That I have to distribute the database, put it in |
4 |
> another machine and have the web application access that database over |
5 |
> the network. I feel this is a bit overkill. Not only it would force |
6 |
> the data travel through the network, slowing it down, but would also |
7 |
> increase the complexity of the security layout, forcing to make the |
8 |
> two machines very secure, unstead of just one of them. Besides, I |
9 |
> might be wrong, but I feel that a Local Socket is faster and safer |
10 |
> than Corba trasmitting data over the internal network. |
11 |
> |
12 |
> If anybody has any comments, I'd be more than happy to hear it. |
13 |
|
14 |
first, on the issue of distributing, yes, you will have a nominally more |
15 |
secure application. This assumes of course that the attacker cannot |
16 |
take any part of your application and use it against you by accessing |
17 |
the database themselves. |
18 |
|
19 |
the interesting paradox is that by moving your application to another |
20 |
machine and using a network between them for communicating data, the |
21 |
application usually runs faster. |
22 |
|
23 |
Think carefully about the RPC mechanism. Don't try to reinvent the |
24 |
wheel with your own socket connection because you will spend a lot of |
25 |
time getting it right and validating it when you could be doing other |
26 |
things that are more fun, productive, and impressing your boss with your |
27 |
lack of "not invented here" attitude. |
28 |
|
29 |
corba is complex to get started but it is one of the faster RPC |
30 |
mechanisms available (if memory serves). XML RPC is trivially easy to |
31 |
use but is much slower because of XML. Sun RPC. Well, it's a gray |
32 |
beard. Try not to use it. |
33 |
|
34 |
On the security profile, don't sweat it. The best you can do is set out |
35 |
the local machine firewalls to deny access from each other except for |
36 |
the database connection. ssh should only be permitted from your green |
37 |
network. Everything else really depends on what you need exposed and where. |
38 |
|
39 |
connection security can be handled with SSL. Many database engines |
40 |
support this (if memory serves). |
41 |
|
42 |
|
43 |
---eric |
44 |
-- |
45 |
gentoo-user@g.o mailing list |